Executive Summary

Title Cisco Meeting Server Session Description Protocol Media Lines Buffer Overflow Vulnerability
Name cisco-sa-20161102-cms1 First vendor Publication 2016-11-02
Vendor Cisco Last vendor Modification 2016-11-02
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system.

The vulnerability exists because the affected software performs incomplete input validation of the size of media lines in session descriptions. An attacker could exploit this vulnerability by sending crafted packets to the SDP parser on an affected system. A successful exploit could allow the attacker to cause a buffer overflow condition on an affected system, which could allow the attacker to execute arbitrary code on the system.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms1

BEGIN PGP SIGNATURE Comment: GPGTools - http://gpgtools.org

iQIcBAEBCgAGBQJYGeeeAAoJEK89gD3EAJB5ONgP/RUQTYCV+EW2SbXMFCghUH0m f6SrzmX3BJYe1ToFWf+QltKKHuS+iWr/R81fQ7tlBqDb8qpVIvhqM4HPirvKNl0w fwrkwu32FCDQNv6zeZuMeT9u0IooLzT6gEUDtxzhcy7iimhF6MmqdfyBSyYVVHrx N2N3Ru7ngMtgFLXdOGmL4AVT58LCy35WmxZXN1pel5VklKKnLhpXAnIyWovHDMJa srl9Hk7bgtP9Z8c+jhsAuQO6PdzZJXPo831TYQXx6gbzg5ESewfbcFSZpo35YVMZ BWEJ37NiYPXF9aMgu7t0+DwzSJr3ws9GQb58/R79m2vVTsLCAdbPtr7caHZ0yYEV Rc5zutMlNgMz1qR4fhwPefEIEktghmy9TmlrK6p7CLzXI0Xfa0jHYSUr12OT9qHo wLym7jGsC8NksH0rKEGFCKK3vQpflasW74BoJ1gwl046JbCQIQIc9U/ofcJZspKe KCbkpic0kAozMEms7tEprq3nOb34tPgWa0Ie1rXoDWu6ioXgjlMQusznO35MPIJ7 EfcmFV+Z8NK6cxG5G+aKwWl8xnWRii5/bXfEFnCx5ICcMD1KOP651rcCHpTDLs+m 5yYjwOOxrnHVveldIon6Ryp+1j0hkTZkbBPcRCN7kgNPioAC6GNWjFvj0hYxCbz9 8FFZPoHfD+E5+Bvcjz2r =69Jd END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Application 9

Snort® IPS/IDS

Date Description
2016-11-03 Cisco Meeting Server SIP SDP media description buffer overflow attempt
RuleID : 40638 - Revision : 1 - Type : PROTOCOL-VOIP

Alert History

If you want to see full details history, please login or register.
Date Informations
2016-11-05 00:25:19
  • Multiple Updates
2016-11-02 21:24:57
  • First insertion